1 |
On Fri, 2006-12-01 at 07:22 -0600, Andrew Gaffney wrote: |
2 |
> Steve Long wrote: |
3 |
> >>> There'll always be GLSA's to respond to. That's another issue that |
4 |
> >>> needs to be handled w/ a slow-moving tree. Are you going to restrict |
5 |
> >>> changes in the slow-moving tree only to changes against a GLSA? |
6 |
> >> That's what we've said. |
7 |
> >> |
8 |
> > I don't have a problem with this at all. The slow-moving tree isn't; it's a |
9 |
> > release tree. The only question I have, which Stuart also mentioned, is |
10 |
> > whether all security updates go thru the GLSA process. |
11 |
> |
12 |
> Are you asking if all security updates that are done to the release will have |
13 |
> gone through the GLSA process? I'd say the answer is yes, since the only updates |
14 |
> that will go in the release tree are security updates from GLSAs :P |
15 |
|
16 |
Actually, we would have to review the process, since not everything that |
17 |
gets a security bug ends up with a GLSA. My current loose rule is that |
18 |
if it deserves a GLSA, then it deserves and update, but I don't know the |
19 |
exact criteria the security team uses to decide if something warrants a |
20 |
GLSA or not. |
21 |
|
22 |
-- |
23 |
Chris Gianelloni |
24 |
Release Engineering Strategic Lead |
25 |
Alpha/AMD64/x86 Architecture Teams |
26 |
Games Developer/Council Member/Foundation Trustee |
27 |
Gentoo Foundation |